High-performance DTLS (Datagram Transport Layer Security) library for .NET, powered by a native Rust backend.
- Sans-I/O design for maximum flexibility
- AOT compatible
- DTLS 1.2 / 1.3 support
DtlsClientOptions options = new()
{
ServerName = "example.com",
RemoteCertificateValidation = (cert, chain, errors) => true,
};
await using DtlsTransport transport = await DtlsTransport.CreateClientAsync(udpTransport, options);
await transport.HandshakeAsync();
await transport.SendAsync(data);
int bytesRead = await transport.ReceiveAsync(buffer);
await transport.CloseAsync();DtlsServerOptions options = new()
{
Certificate = serverCert,
};
await using DtlsTransport transport = await DtlsTransport.CreateServerAsync(udpTransport, options);
await transport.HandshakeAsync();
int bytesRead = await transport.ReceiveAsync(buffer);
await transport.SendAsync(response);Low-level datagram transport abstraction that preserves message boundaries.
public interface IDatagramTransport
{
ValueTask<int> ReceiveAsync(Memory<byte> buffer, CancellationToken cancellationToken = default);
ValueTask SendAsync(ReadOnlyMemory<byte> datagram, CancellationToken cancellationToken = default);
}Async I/O wrapper that bridges the sans-I/O protocol engine with an IDatagramTransport.
| Method | Description |
|---|---|
CreateClientAsync |
Create a DTLS client |
CreateServerAsync |
Create a DTLS server |
HandshakeAsync |
Perform DTLS handshake |
SendAsync |
Send encrypted datagram |
ReceiveAsync |
Receive decrypted datagram |
CloseAsync |
Send close_notify for graceful shutdown |
Sans-I/O DTLS protocol engine for advanced scenarios.
| Method | Description |
|---|---|
CreateClient |
Create a client session |
CreateServer |
Create a server session |
Feed |
Feed received data into the engine |
HandleTimeout |
Handle retransmission timeout |
Send |
Encrypt plaintext into output |
TryReceive |
Try to read decrypted application data |
Close |
Queue close_notify for graceful shutdown |
VerifyPeer |
Verify peer certificate |
DtlsClientOptions — Client configuration:
| Property | Description |
|---|---|
ServerName |
Required. Server hostname for SNI |
ClientCertificate |
Optional client certificate |
RemoteCertificateValidation |
Custom certificate validation callback |
HandshakeTimeout |
Handshake timeout (default 15s) |
Version |
SSL/TLS protocol version |
DtlsServerOptions — Server configuration:
| Property | Description |
|---|---|
Certificate |
Required. Server certificate with private key |
RemoteCertificateValidation |
Custom certificate validation callback |
HandshakeTimeout |
Handshake timeout (default 15s) |
Version |
SSL/TLS protocol version |
RequireClientCertificate |
Whether to require client certificate |